From 39c6ee9b3123463cac06e4086f3e944a86879e6f Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 1 Apr 2022 21:44:00 +0000 Subject: [PATCH] fix: package.json & yarn.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-EXPRESSOPENIDCONNECT-2438394 --- package.json | 2 +- yarn.lock | 61 ++++++++++++++++++++++++++++++++++++---------------- 2 files changed, 44 insertions(+), 19 deletions(-) diff --git a/package.json b/package.json index 4ad1b9b..70ef4ab 100644 --- a/package.json +++ b/package.json @@ -79,7 +79,7 @@ "csurf": "^1.11.0", "dotenv": "^10.0.0", "express": "^5.0.0-alpha.8", - "express-openid-connect": "^2.5.2", + "express-openid-connect": "^2.7.2", "express-rate-limit": "^5.5.1", "express-session": "^1.17.2", "get-port": "^6.0.0", diff --git a/yarn.lock b/yarn.lock index 21f1c4c..7c0035a 100644 --- a/yarn.lock +++ b/yarn.lock @@ -915,6 +915,13 @@ dependencies: "@hapi/hoek" "^9.0.0" +"@sideway/address@^4.1.3": + version "4.1.4" + resolved "https://registry.yarnpkg.com/@sideway/address/-/address-4.1.4.tgz#03dccebc6ea47fdc226f7d3d1ad512955d4783f0" + integrity sha512-7vwq+rOHVWjyXxVlR76Agnvhy8I9rpzjosTESvmhNeXOXdZZB15Fl+TI9x1SiHZH5Jv2wTGduSxFDIaq0m3DUw== + dependencies: + "@hapi/hoek" "^9.0.0" + "@sideway/formula@^3.0.0": version "3.0.0" resolved "https://registry.yarnpkg.com/@sideway/formula/-/formula-3.0.0.tgz#fe158aee32e6bd5de85044be615bc08478a0a13c" @@ -3053,6 +3060,13 @@ debug@^3.2.6, debug@^3.2.7: dependencies: ms "^2.1.1" +debug@^4.3.3: + version "4.3.4" + resolved "https://registry.yarnpkg.com/debug/-/debug-4.3.4.tgz#1319f6579357f2338d3337d2cdd4914bb5dcc865" + integrity sha512-PRWFHuSU3eDtQJPvnNY7Jcket1j0t5OuOsFzPPzsekD52Zl8qUfFIPEiswXqIvHWGVHOgX+7G/vCNNhehwxfkQ== + dependencies: + ms "2.1.2" + debuglog@^1.0.1: version "1.0.1" resolved "https://registry.yarnpkg.com/debuglog/-/debuglog-1.0.1.tgz#aa24ffb9ac3df9a2351837cfb2d279360cd78492" @@ -4025,23 +4039,23 @@ expand-template@^2.0.3: resolved "https://registry.yarnpkg.com/expand-template/-/expand-template-2.0.3.tgz#6e14b3fcee0f3a6340ecb57d2e8918692052a47c" integrity sha512-XYfuKMvj4O35f/pOXLObndIRvyQ+/+6AhODh+OKWj9S9498pHHn/IMszH+gt0fBCRWMNfk1ZSp5x3AifmnI2vg== -express-openid-connect@^2.5.2: - version "2.5.2" - resolved "https://registry.yarnpkg.com/express-openid-connect/-/express-openid-connect-2.5.2.tgz#5c576470084fb6777c0be8faecaa56771b27b782" - integrity sha512-YC1TwL+WE9Suafn5u+nDHOJf+k8qMNpvtHZrUX+6LCYH3G4l3WYu4NlRXjTu+Gx3bzV68Z89UhA4LDRyrns1EA== +express-openid-connect@^2.7.2: + version "2.7.2" + resolved "https://registry.yarnpkg.com/express-openid-connect/-/express-openid-connect-2.7.2.tgz#cbe8c5613b53116b57c70148c89b0a0401705e8e" + integrity sha512-NK/p0P9se8qUcH7ciTVST0rEGBZcefpjGWBEDIgHPjTPNKa7eaTqWAsGAs0d2+dHgZQmSQ7zP1jXH2CwKicyyw== dependencies: base64url "^3.0.1" cb "^0.1.0" clone "^2.1.2" cookie "^0.4.1" - debug "^4.3.2" - futoin-hkdf "^1.4.2" - http-errors "^1.8.0" - joi "^17.4.2" + debug "^4.3.3" + futoin-hkdf "^1.5.0" + http-errors "^1.8.1" + joi "^17.6.0" jose "^2.0.5" on-headers "^1.0.2" openid-client "^4.9.1" - p-memoize "^4.0.2" + p-memoize "^4.0.4" url-join "^4.0.1" express-rate-limit@^5.5.1: @@ -4448,10 +4462,10 @@ functional-red-black-tree@^1.0.1: resolved "https://registry.yarnpkg.com/functional-red-black-tree/-/functional-red-black-tree-1.0.1.tgz#1b0ab3bd553b2a0d6399d29c0e3ea0b252078327" integrity sha1-GwqzvVU7Kg1jmdKcDj6gslIHgyc= -futoin-hkdf@^1.4.2: - version "1.4.2" - resolved "https://registry.yarnpkg.com/futoin-hkdf/-/futoin-hkdf-1.4.2.tgz#fd534e848e0e50339b8bfbd81250b09cbff10ba3" - integrity sha512-2BggwLEJOTfXzKq4Tl2bIT37p0IqqKkblH4e0cMp2sXTdmwg/ADBKMxvxaEytYYcgdxgng8+acsi3WgMVUl6CQ== +futoin-hkdf@^1.5.0: + version "1.5.0" + resolved "https://registry.yarnpkg.com/futoin-hkdf/-/futoin-hkdf-1.5.0.tgz#f10cc4d32f1e26568ded58d5a6535a97aa3a064c" + integrity sha512-4CerDhtTgx4i5PKccQIpEp4T9wqmosPIP9Kep35SdCpYkQeriD3zddUVhrO1Fc4QvGhsAnd2rXyoOr5047mJEg== gauge@^3.0.0: version "3.0.1" @@ -4879,7 +4893,7 @@ http-errors@1.7.2: statuses ">= 1.5.0 < 2" toidentifier "1.0.0" -http-errors@1.8.1, http-errors@^1.8.0: +http-errors@1.8.1, http-errors@^1.8.1: version "1.8.1" resolved "https://registry.yarnpkg.com/http-errors/-/http-errors-1.8.1.tgz#7c3f28577cbc8a207388455dbd62295ed07bd68c" integrity sha512-Kpk9Sm7NmI+RHhnj6OIWDI1d6fIoFAtFt9RLaTMRlg/8w49juAStsrBgp0Dp4OdxdVbRIeKhtCUvoi/RuAhO4g== @@ -5626,6 +5640,17 @@ joi@^17.4.2: "@sideway/formula" "^3.0.0" "@sideway/pinpoint" "^2.0.0" +joi@^17.6.0: + version "17.6.0" + resolved "https://registry.yarnpkg.com/joi/-/joi-17.6.0.tgz#0bb54f2f006c09a96e75ce687957bd04290054b2" + integrity sha512-OX5dG6DTbcr/kbMFj0KGYxuew69HPcAE3K/sZpEV2nP6e/j/C0HV+HNiBPCASxdx5T7DMoa0s8UeHWMnb6n2zw== + dependencies: + "@hapi/hoek" "^9.0.0" + "@hapi/topo" "^5.0.0" + "@sideway/address" "^4.1.3" + "@sideway/formula" "^3.0.0" + "@sideway/pinpoint" "^2.0.0" + jose@^2.0.5: version "2.0.5" resolved "https://registry.yarnpkg.com/jose/-/jose-2.0.5.tgz#29746a18d9fff7dcf9d5d2a6f62cb0c7cd27abd3" @@ -7395,10 +7420,10 @@ p-map@^5.2.0: dependencies: aggregate-error "^4.0.0" -p-memoize@^4.0.2: - version "4.0.3" - resolved "https://registry.yarnpkg.com/p-memoize/-/p-memoize-4.0.3.tgz#9f3b9965f1fd79dadc2e6ec957c1b43c410a6f99" - integrity sha512-lX9GfP1NT5jheKsmvc1071L74/Vw7vul+uZEnst7LNuMtbKlWYwKItqcLSAVUyJnrfQAqFFCJQ5bt0whrDsWQA== +p-memoize@^4.0.4: + version "4.0.4" + resolved "https://registry.yarnpkg.com/p-memoize/-/p-memoize-4.0.4.tgz#90a4c4668866737fc5c8364c56b06f6ca44afb15" + integrity sha512-ijdh0DP4Mk6J4FXlOM6vPPoCjPytcEseW8p/k5SDTSSfGV3E9bpt9Yzfifvzp6iohIieoLTkXRb32OWV0fB2Lw== dependencies: map-age-cleaner "^0.1.3" mimic-fn "^3.0.0"